CVE-2022-42867

CVSS 8.8 HIGH | EPSS 34.6% | CWE-416

In short

A memory management flaw in Safari and Apple operating systems allows attackers to run arbitrary code by crafting malicious web content. The software continues to use an object after it has been freed, which is what opens the security hole.

Technical detail

Use-after-free vulnerability in WebKit's memory management allows remote code execution via maliciously crafted web content. Exploitation requires user interaction to visit a malicious webpage; successful exploitation grants arbitrary code execution in the browser context.

Summary generated and translated by AI from the official description.

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
